Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ASM] Add support for attacker fingerprinting #4698

Merged
merged 16 commits into from
Oct 8, 2024

Conversation

CarlesDD
Copy link
Contributor

@CarlesDD CarlesDD commented Sep 18, 2024

What does this PR do?

Adds support for attacker fingerprinting:

  • Reports in the root span the fingerprints generated by the WAF
  • Updates RC capabilities.

Motivation

Fingerprinting is a technique used to identify and track users through the use of available data which, when combined through a certain set of algorithms, can provide a unique fingerprint for said user. Fingerprinting can be performed on many contexts with different data sets, such as the browser, which can provide the algorithm with specific data about the user’s software and hardware stack, or the server, which typically provides data at the different levels of the network stack.

Additional Notes

ASM_SESSION_FINGERPRINT is not yet supported since usr.session_id address is not provided yet.

System Test

PR to test capabilities: DataDog/system-tests#3061

APPSEC-54718

Copy link

github-actions bot commented Sep 18, 2024

Overall package size

Self size: 7.42 MB
Deduped: 63.19 MB
No deduping: 63.47 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------| | @datadog/native-appsec | 8.1.1 | 18.67 MB | 18.68 MB | | @datadog/native-iast-taint-tracking | 3.1.0 | 12.27 MB | 12.28 MB | | @datadog/pprof | 5.3.0 | 9.85 MB | 10.22 MB | | protobufjs | 7.2.5 | 2.77 MB | 5.16 MB | | @datadog/native-iast-rewriter | 2.5.0 | 2.51 MB | 2.59 MB | | @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB | | @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | jsonpath-plus | 9.0.0 | 580.4 kB | 1.03 MB | | import-in-the-middle | 1.11.2 | 112.74 kB | 826.22 kB | | msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB | | semver | 7.6.3 | 95.82 kB | 95.82 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | lru-cache | 7.14.0 | 74.95 kB | 74.95 kB | | ignore | 5.3.1 | 51.46 kB | 51.46 kB | | int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB | | shell-quote | 1.8.1 | 44.96 kB | 44.96 kB | | istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB | | rfdc | 1.3.1 | 25.21 kB | 25.21 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | path-to-regexp | 0.1.10 | 6.38 kB | 6.38 kB | | module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@pr-commenter
Copy link

pr-commenter bot commented Sep 18, 2024

Benchmarks

Benchmark execution time: 2024-10-08 13:48:37

Comparing candidate commit ac364fa in PR branch ccapell/asm-attacker-fingerprint with baseline commit 111a156 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 260 metrics, 6 unstable metrics.

@CarlesDD CarlesDD marked this pull request as ready for review September 18, 2024 06:08
@CarlesDD CarlesDD requested a review from a team as a code owner September 18, 2024 06:08
Copy link

codecov bot commented Sep 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.24%. Comparing base (d871335) to head (956b2da).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4698      +/-   ##
==========================================
- Coverage   92.13%   84.24%   -7.90%     
==========================================
  Files         105      291     +186     
  Lines        3384    12491    +9107     
  Branches       33       33              
==========================================
+ Hits         3118    10523    +7405     
- Misses        266     1968    +1702     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@CarlesDD CarlesDD marked this pull request as draft September 19, 2024 08:53
@simon-id
Copy link
Member

Reminder that you're missing providing the waf with server.business_logic.users.login.failure and server.business_logic.users.login.success. You can put them in track_event.js and if needed i'll clean it up later since i'm working on that part of the code too.

@CarlesDD CarlesDD marked this pull request as ready for review October 2, 2024 06:07
@CarlesDD CarlesDD requested a review from a team as a code owner October 2, 2024 06:07
uurien
uurien previously approved these changes Oct 7, 2024
@CarlesDD CarlesDD force-pushed the ccapell/asm-attacker-fingerprint branch from 970835c to a291490 Compare October 8, 2024 13:03
@CarlesDD CarlesDD merged commit a2b318d into master Oct 8, 2024
197 checks passed
@CarlesDD CarlesDD deleted the ccapell/asm-attacker-fingerprint branch October 8, 2024 14:06
bengl pushed a commit that referenced this pull request Oct 16, 2024
* Report WAF fingerprints

* WAF fingerprint RC capabilities

* Linting

* Remove useless file

* Add blank line

* Remove unused capability

* Generate fingerprint on user login events

* Fix linting

* Add passport plugin test to GHA

* Add business logic addressses

* Add body-parser dep to passport plugin test

* Reformat test

* Refactor report derivatives

* Move method to its right place

* Unify reportSchemas and reportFingerprint test in one suite

* Unify reportSchemas and reportFingerprint test in one suite
bengl pushed a commit that referenced this pull request Oct 16, 2024
* Report WAF fingerprints

* WAF fingerprint RC capabilities

* Linting

* Remove useless file

* Add blank line

* Remove unused capability

* Generate fingerprint on user login events

* Fix linting

* Add passport plugin test to GHA

* Add business logic addressses

* Add body-parser dep to passport plugin test

* Reformat test

* Refactor report derivatives

* Move method to its right place

* Unify reportSchemas and reportFingerprint test in one suite

* Unify reportSchemas and reportFingerprint test in one suite
This was referenced Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants